Kroll Earns Global CREST Accreditation for Penetration Testing Services

Kroll’s global Cyber Risk practice joins the elite community of companies to meet rigorous CREST standards for demonstrating skills, knowledge and competence in conducting penetration testing.

Kroll, a division of Duff & Phelps, a global leader in risk mitigation, investigations, compliance, cyber resilience, security and incident response solutions, announces that CREST has accredited Kroll as a global CREST Penetration Testing service provider. This accreditation affirms Kroll’s expertise and authority to conduct penetration testing for clients around the world and helps provide assurance to organizations regarding the strength of their cyber resilience.

CREST was set up in 2006 in response to the need for more regulated professional services in the technical security sector. The non-profit organization is now recognized globally as the preeminent accreditation and certification body for providers of penetration testing, cyber incident response, threat intelligence and security operations center (“SOC”) services. CREST accreditation is a mandatory requirement for CBEST engagements commissioned under the framework of the Bank of England.

“Earning this elite accreditation exemplifies how Kroll is continuously enhancing the depth and breadth of our Cyber Risk offerings to help clients around the world achieve greater security and resiliency,” said Jason Smolanoff, Senior Managing Director and Global Cyber Risk Practice Leader for Kroll. “We are proud to be part of an influential community of organizations and professionals who are shaping cyber security best practices for a dynamically changing future.”

“Ultimately, it’s the knowledge, skills and relevant insight that the professional tester brings to the client’s environment that determines the value of penetration testing to an organization,” said Andrew Beckett, Managing Director and EMEA Leader for Kroll’s Cyber Risk Practice. “Kroll works on hundreds of cases a year, including some of the most complex and highest profile matters in the world. This CREST accreditation underscores how our wide-ranging experience on the cyber security front lines, rigorous methodologies and threat intelligence-based technology all combine to deliver meaningful cyber risk assessments and, if necessary, pragmatic remedial solutions.”

“CREST is delighted to welcome Kroll as a member company,” said Ian Glover, president of CREST. “To become a CREST member, Kroll has been through a demanding assessment process that examined test methodologies, legal and regulatory requirements, data protection standards, logging and auditing, internal and external communications with stakeholders, as well as how test data security is maintained. Awarding Kroll membership for its penetration testing services means that we are formally recognizing that the company consistently delivers the highest professional security services standards to its customers.”

Associate Managing Director William Rimington, based in London, leads the global CREST program for Kroll. Rimington, a prominent authority in the area of penetration testing, has over 20 years of experience in technology architecture and testing, risk and cyber security. Prior to joining Kroll, Rimington led the Global Centre of Excellence for Ethical Hacking at a Big Four firm and was instrumental in the firm’s becoming a global member of CREST as well as a UK-approved provider of services for CBEST.